On Wed, Sep 30, 2015 at 10:51 AM, Mike West <mk...@google.com> wrote:
> On Wed, Sep 30, 2015 at 4:56 PM, James M. Greene <james.m.gre...@gmail.com > > wrote: >> >> *aaaaand* potentially modifying/dismantling >> iframe sandboxes. >> > > Are you able to do this in any cases other than `allow-same-origin` and > `allow-scripts`? If so, we should fix them. :) > I haven't spotted any such holes, though I also haven't tested it in all of the various browser/OS configurations. Again, you can see the live analysis results for your browser at http://jamesmgreene.github.io/sandblaster/test-iframes.html :) > Thanks for putting this together! > Welcomed! It was an interesting learning experience for me. Sincerely, James Greene